I am adamantly opposed to the use of any fully electronic or Internet-based systems for use in anonymous balloting and vote tabulation applications.  The reasons for my opposition are manyfold, and are expressed in my writings as well as those of other well-respected computer security experts.  To briefly summarize my opinion (based on nearly two decades of research) on this matter I state the following:

• Fully electronic systems do not provide any way that the voter can truly verify that the ballot cast corresponds to that being recorded, transmitted, or tabulated.  Any programmer can write code that displays one thing on a screen, records something else, and prints yet another result.  There is no known way to ensure that this is not happening inside of a voting system.

• Electronic balloting systems without individual print-outs for examination by the voters, do not provide an independent audit trail (despite manufacturer claims to the contrary).  As all voting systems (especially electronic) are prone to error, the ability to also perform a manual hand-count of the ballots is essential.

• No electronic voting system has been certified to even the lowest level of the U.S. government or international computer security standards (such as the ISO Common Criteria or its predecessor, TCSEC/ITSEC), nor has any ever been required to comply with such.  Hence, no current electronic voting system has been properly validated as being secure.

• There are no required standards for voting displays, so computer ballots can be (and have been) constructed to be as confusing (or more) than the butterfly style used in Florida 2000, giving advantage to some candidates over others.

• Electronic balloting and tabulation makes the tasks performed by poll workers, challengers, and election officials  purely procedural, and removes any opportunity to perform bipartisan checks.  Any computerized election process is thus entrusted to the small group of individuals who program, construct and maintain the machines.

• Although convicted felons and foreign citizens are prohibited from voting in U.S. elections (in many states), there are no such laws regarding voting system manufacturers, programmers and administrative personnel.  Felons and foreigners can (and do!) work at and even own some of the voting machine companies providing equipment to U.S. municipalities.

• Encryption provides no assurance of privacy or accuracy of ballots cast.  Cryptographic systems, even strong ones, can be cracked or hacked, thus leaving the ballot contents along with the identity of the voter open to perusal.  One of the nation's top cryptographers, Bruce Schneier, has expressed his concerns on this matter, and has recommended that no computer voting system be adopted unless it also provides a physical paper ballot perused by the voter and used for recount and verification. Another leading cryptographer, David Chaum, has also expressed his endorsement of paper ballot methods.

• Internet voting (whether at polling places or off-site) provides avenues of system attack to the entire planet.  If the major software manufacturer in the world cannot not protect its own company and products from an Internet attack, one must understand that voting systems (created by this firm or others) will be no better (and probably will be worse) in terms of vulnerability.

• Off-site Internet voting creates unresolvable problems with authentication, leading to possible loss of voter privacy, vote-selling, and coersion.  Furthermore, this form of voting does not provide equal access for convenient balloting by all citizens, especially the poor, those in rural areas not well served by Internet service providers, the elderly, and certain disabled populations.  For these reasons, off-site Internet voting systems should not be used for any government election.

It is therefore incumbent upon all concerned with elections to REFRAIN from procuring ANY system that does not provide an indisputable, anonymous paper ballot which can be independently verified by the voter prior to casting, used by the election board to demonstrate the veracity of any electronic vote totals, and also available for manual audit and recount.

Since 2003, because of unresolvable problems with the implementation and deployment of the DRE/VVPAT systems, and the difficulties experienced in using the VVPATs in recounts, I have recommended (and continue to recommend) that municipalities ONLY purchase the opscan + ballot-marking systems.